God! Someone explain this shit to me...



kid908
August 17th, 2009, 11:24 PM
WTF is all this shit in my internet security folder? I mean, seriously...how large is your internet security folder? Now COMPARE that shit to my shit...:gonk:


http://img14.imageshack.us/img14/6168/shithelpme.jpg



Can someone seriously explain what all this shit is? If anyone uses Trend Micro, please compare yours to mine.

Oh and can someone tell me why it just randomly cuts off my internet permanently? I'm going to have to reinstall that shit since this is like the 5th time it has done that.

I get wifi fine. xfire works fine. I can play most games fine. It just 1. hogs my HDD, and 2. cuts off all web browsing.

I'm posting this from a diff comp if you're wondering...

Amit
August 18th, 2009, 01:13 AM
HOLY SHIT! Your network has been invaded!

Reformat, I guess? A trojan probably multiplied trash files to occupy space. I guess the use of your virus protection folder for such a thing is to possibly fool the noob user into thinking that their so-called security needs this space to function. Copy AVG or something to the computer, run a scan, and see what it comes up with.

Boba
August 18th, 2009, 01:17 AM
God! Someone explain this shit to me...
well he's the guy that christians believe created the people, water, and the turtles and everything

i hope this helps

Jelly
August 18th, 2009, 07:01 AM
Download and run HijackThis (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html). Choose the "do a scan and save a logfile" option, and paste the contents of the logfile here in this topic. Preferably in spoiler tags, since it can get pretty long. The log should give us a better idea of what is running.

Alternatively:

Reformat. Reinstall.

kid908
August 18th, 2009, 09:14 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:46 AM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
H:\NOMADAPP\Portable Programs\W32\OnSpec\NOMAD.EXE
C:\Documents and Settings\Xing\Application Data\U3\11014218A2C14C9B\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199650755875
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - Winlogon Notify: KWNTA - C:\WINDOWS\SYSTEM32\ICKGW32I.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 12469 bytes



I just started this when I started my computer. So only the basic programs I have at startup show up.

Syuusuke
August 18th, 2009, 09:49 AM
Tmp files made from your av, probably, maybe you want to dive into the folder and see where all the big files are?

Jelly
August 18th, 2009, 11:25 AM
A couple of the DLLs that are listed in that log belong to the KidsWatch Parental Control software (http://www.kidswatch.com/). That could also be what is cutting off your internet access.

The log looks clean to me, so I'd say you've not got any infections that are causing your massive Trend Micro folder. As Syuu said, check in Trend Micro to see if there's a way to delete old temporary files/log files. CCleaner (http://www.ccleaner.com/) may be able to help you in that area.
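
One way to pre-sort a HijackThis log like the one posted above before reading it by hand (an added example, not part of the original thread and not a HijackThis feature). The function names and the heuristics are this example's own assumptions, the sample lines are copied from the log above, and each reason it reports is a prompt to look the entry up, not a verdict that it is malicious.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"Run: \[[^\]]*\] (?P<cmd>.+)$")
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')  # optional quote, drive letter, backslash

# Lines copied from the log posted in this thread (header and process lines are
# included to show that the parser skips them).
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: KWNTA - C:\WINDOWS\SYSTEM32\ICKGW32I.DLL
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse(log_text):
    """Return (section, details) for each entry line; header/process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def review_reasons(section, details):
    """Reasons to look at an entry by hand. A reason is a prompt, not a verdict."""
    reasons = []
    if "(no file)" in details or "(file missing)" in details:
        reasons.append("registered target is not on disk")
    run = RUN.search(details) if section == "O4" else None
    if run:
        cmd = run.group("cmd")
        parts = cmd.split(None, 1)
        if parts[0].strip('"').lower() in ("rundll32", "rundll32.exe"):
            # rundll32 takes "<dll>,<export>"; the DLL is what needs a full path.
            dll = parts[1].split(",")[0] if len(parts) > 1 else ""
            if not ABSOLUTE.match(dll):
                reasons.append("rundll32 loads a DLL given without a full path")
        elif not ABSOLUTE.match(cmd):
            reasons.append("autostart command has no drive-qualified path")
    if section == "O20":
        reasons.append("DLL loaded by winlogon.exe; confirm which product owns it")
    return reasons


def triage(log_text):
    """Return [(section, details, reasons)] for entries with at least one reason."""
    flagged = []
    for section, details in parse(log_text):
        reasons = review_reasons(section, details)
        if reasons:
            flagged.append((section, details, reasons))
    return flagged


if __name__ == "__main__":
    for section, details, reasons in triage(SAMPLE):
        print(f"{section}: {details}\n    -> {'; '.join(reasons)}")
```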

annihilation
August 18th, 2009, 11:35 AM
If they were TMP files then they would be in the temp folder. Correct?
Why the fuck do you have two listings for the same thing?

C:\WINDOWS\system32\Ati2evxx.exe

Also, you might wanna cut down on your insane amount of running programs.
Try this:

1) Download CCleaner here (http://www.ccleaner.com/).
2) Click on the applications tab.
3) (assuming Trend Micro is listed) Scroll down until you see Trend Micro, check it and clean it.
4) If that doesn't work then try cleaning out everything (except the advanced stuff)
6) Don't forget to clean out your registry with Ccleaner!
5) If the above doesn't help you then I have no clue what to tell you.

E: LMAO KidsWatch.

Jelly
August 18th, 2009, 11:41 AM
RE: the ati2evxx.exe thing

You can disable it via msconfig if you want, it serves no real purpose other than assigning hotkeys to various ATI catalyst functions. Info here. (http://www.rage3d.com/board/showthread.php?t=33868826)

kid908
August 18th, 2009, 11:55 AM
If they were TMP files then they would be in the temp folder. Correct?
Why the fuck do you have two listings for the same thing?


Also, you might wanna cut down on your insane amount of running programs.
Try this:

1) Download CCleaner here (http://www.ccleaner.com/).
2) Click on the applications tab.
3) (assuming Trend Micro is listed) Scroll down until you see Trend Micro, check it and clean it.
4) If that doesn't work then try cleaning out everything (except the advanced stuff)
6) Don't forget to clean out your registry with Ccleaner!
5) If the above doesn't help you then I have no clue what to tell you.

E: LMAO KidsWatch.

I have KidsWatch disabled for me. I keep it on for my sis's profile since I don't want her fucking shit up on my comp. I couldn't think of a diff program to do that shit. I'll try Ccleaner. I should uninstall that shit since my sis no longer uses my comp. =\ But KidsWatch doesn't have any shit active on my account. I have unlimited access. I'm 99% sure that the internet browsing shit is Trend Micro since it works again once I reinstall it.

Also can I delete the Temp files in C:\Program Files\Trend Micro\Internet Security\Temp?

annihilation
August 18th, 2009, 12:17 PM
I don't see why not.

kid908
August 18th, 2009, 12:32 PM
http://img34.imageshack.us/img34/3513/shitproblem.jpg

Here's all the shit that's hogging my hdd. I for one, have no fucking idea what they do.

Jelly
August 18th, 2009, 12:40 PM
Google's not turning up anything about how to delete Trend Micro temporary files. Assuming CCleaner doesn't delete them, try removing all but the most recent one.

Blindly deleting files in an AV's install folder is probably terrible advice, but since the folder's name is "temp," I'm not too worried it will break anything.

kid908
August 18th, 2009, 12:56 PM
Subscription ends in December so it's almost time to switch out. Any recommendations as to what to use?

Cojafoji
August 18th, 2009, 02:25 PM
Subscription ends in December so it's almost time to switch out. Any recommendations as to what to use?
avast.

Ganon
August 18th, 2009, 02:28 PM
aye vee gee

Cagerrin
August 18th, 2009, 02:32 PM
Avira. I've used both AVG and Avast at various times, and they're both slower and didn't detect things that Avira did.

annihilation
August 18th, 2009, 11:15 PM
Avira has strong detection rates
Avast takes less memory.

Pick one.
I'm using Avast and I love it.

Cagerrin
August 18th, 2009, 11:27 PM
Avira has strong detection rates
Avast takes less memory.

Pick one.
I'm using Avast and I love it.
Well, if the version of Avast I had is anything to go by, Avira is actually better on both counts. I just remember Avast slowing everything down.

StankBacon
August 18th, 2009, 11:47 PM
avg.

but yah, I'd say just delete the contents of the temp folder.

SnaFuBAR
August 21st, 2009, 03:38 AM
Kaspersky.

I had the same problem with Trend Micro.

Dwood
August 21st, 2009, 04:28 AM
If you can't stand that number of Temp folders then what you need to do is download DR-Delete (http://www.softpedia.com/get/System/System-Miscellaneous/Dr-Delete.shtml) and delete the temp folder. The files will finish deleting on the next reboot of your computer.